Threat intelligence

The Microsoft Threat Intelligence community is made up of world-class experts, security researchers, analysts, and threat hunters who analyze 100 trillion signals daily to discover threats and deliver timely and timely, relevant insight to protect customers. See our latest findings, insights, and guidance.

Refine Results

Filtered by

Clear All

Refine results

Sort By

Content Type

Topic

Products and services

Publish date

Start Date

End Date

Simplify endpoint management with Microsoft Intune

Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.

Learn more
December 7, 2023

28 min read

Star Blizzard increases sophistication and evasion in ongoing attacks

Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard, who has continuously improved their detection evasion capabilities while remaining focused on email credential theft against targets.
October 25, 2023

17 min read

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.
October 3, 2023

9 min read

Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement

Microsoft security researchers recently identified an attack where attackers attempted to move laterally to a cloud environment through a SQL Server instance.
August 24, 2023

13 min read

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

China-based actor Flax Typhoon is exploiting known vulnerabilities for public-facing servers, legitimate VPN software, and open-source malware to gain access to Taiwanese organizations, but not taking further action.
Secure and verify every identity with Microsoft Entra

Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.

Learn more
July 11, 2023

7 min read

Storm-0978 attacks reveal financial and espionage motives

Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America.
July 6, 2023

17 min read

The five-day job: A BlackByte ransomware intrusion case study

In a recent investigation by Microsoft Incident Response of a BlackByte 2.
June 22, 2023

11 min read

IoT devices and Linux-based systems targeted by OpenSSH trojan campaign

Microsoft has uncovered an attack leveraging custom and open-source tools to target internet-facing IoT devices and Linux-based systems.
June 14, 2023

13 min read

Cadet Blizzard emerges as a novel and distinct Russian threat actor

Microsoft attributes several campaigns to a distinct Russian state-sponsored threat actor tracked as Cadet Blizzard (DEV-0586), including the WhisperGate destructive attack, Ukrainian website defacements, and the hack-and-leak front “Free Civilian”.
Prevent threats with Microsoft Defender

The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.

Explore products
June 8, 2023

12 min read

Detecting and mitigating a multi-stage AiTM phishing and BEC campaign

Microsoft Defender Experts observed a multi-stage adversary-in-the-middle (AiTM) and business email compromise (BEC) attack targeting banking and financial services organizations over two days.

Threat intelligence

Filtered by

Refine results

Simplify endpoint management with Microsoft Intune

Secure and verify every identity with Microsoft Entra

Prevent threats with Microsoft Defender

Get started with Microsoft Security